<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:16px"><div>Do you have an email to submit infected OLE files to be added to the <br></div><div dir="ltr">badmacro.ndb? I have one now that is several days old that is not</div><div dir="ltr">flagged by clamd with badmacro.ndb. It is up to 26 of 55 on VirusTotal now.</div><div id="yui_3_16_0_1_1456282617468_10177" dir="ltr"><br></div><div><span></span></div><div class="qtdSeparateBR"><br><br></div><div style="display: block;" id="yui_3_16_0_1_1456282617468_10182" class="yahoo_quoted"> <div id="yui_3_16_0_1_1456282617468_10181" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1456282617468_10180" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1456282617468_10179" dir="ltr"> <font id="yui_3_16_0_1_1456282617468_10199" size="2" face="Arial"> <hr id="yui_3_16_0_1_1456282617468_10198" size="1"> <b><span style="font-weight:bold;">From:</span></b> Steve Basford &lt;steveb_clamav@sanesecurity.com&gt;<br> <b><span style="font-weight: bold;">To:</span></b> MailScanner Discussion &lt;mailscanner@lists.mailscanner.info&gt; <br> <b><span style="font-weight: bold;">Sent:</span></b> Monday, February 8, 2016 2:44 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> RE: Virus Parser<br> </font> </div> <div id="yui_3_16_0_1_1456282617468_10184" class="y_msg_container"><br><br clear="none">On Mon, February 8, 2016 7:39 pm, Scott B. 
Anderson wrote:<br clear="none">> How do you handle the new Office 97-05 trojan documents without macros<br clear="none">> that still contain Trojans that abuse the rtf 'engine' in office<br clear="none">> 2010/13/16 to root workstations without the .doc or .xls actually<br clear="none">> containing a macro?<br clear="none">><br clear="none">If you are using ClamAV you can block these easily with badmacro.ndb.<br clear="none"><br clear="none">In addition phish.ndb will block xml types with rogue.hdb to fill<br clear="none">in the rest of the crappy stuff.<br clear="none"><br clear="none"><a id="yui_3_16_0_1_1456282617468_10215" shape="rect" href="http://sanesecurity.com/usage/linux-scripts/" target="_blank">http://sanesecurity.com/usage/linux-scripts/</a><br clear="none"><br clear="none">Cheers,<br clear="none"><br clear="none">Steve<br clear="none">Web : sanesecurity.com<br clear="none">Blog: sanesecurity.blogspot.com<br clear="none">Twitter: @sanesecurity<div class="yqt8607204356" id="yqtfd90558"><br clear="none"><br clear="none"><br clear="none"><br clear="none">-- <br clear="none">MailScanner mailing list<br clear="none"><a shape="rect" ymailto="mailto:mailscanner@lists.mailscanner.info" href="mailto:mailscanner@lists.mailscanner.info">mailscanner@lists.mailscanner.info</a><br clear="none"><a shape="rect" href="http://lists.mailscanner.info/listinfo/mailscanner" target="_blank">http://lists.mailscanner.info/listinfo/mailscanner</a><br clear="none"><br clear="none"></div><br><br></div> </div> </div> </div></div></body></html>